This documentation is archived and is not being maintained.

ECDiffieHellmanCng Class

Updated: March 2011

Provides a Cryptography Next Generation (CNG) implementation of the Elliptic Curve Diffie-Hellman (ECDH) algorithm. This class is used to perform cryptographic operations.

Namespace:  System.Security.Cryptography
Assembly:  System.Core (in System.Core.dll)

[HostProtectionAttribute(SecurityAction.LinkDemand, MayLeakOnAbort = true)]
public sealed class ECDiffieHellmanCng : ECDiffieHellman


The HostProtectionAttribute attribute applied to this type or member has the following Resources property value: MayLeakOnAbort. The HostProtectionAttribute does not affect desktop applications (which are typically started by double-clicking an icon, typing a command, or entering a URL in a browser). For more information, see the HostProtectionAttribute class or SQL Server Programming and Host Protection Attributes.

The ECDiffieHellmanCng class enables two parties to exchange private key material even if they are communicating through a public channel. Both parties can calculate the same secret value, which is referred to as the secret agreement in the managed Diffie-Hellman classes. The secret agreement can then be used for a variety of purposes, including as a symmetric key. However, instead of exposing the secret agreement directly, the ECDiffieHellmanCng class does some post-processing on the agreement before providing the value. This post processing is referred to as the key derivation function (KDF); you can select which KDF you want to use and set its parameters through a set of properties on the instance of the Diffie-Hellman object.

Key derivation function



HashAlgorithm - The hash algorithm that is used to process the secret agreement.

SecretPrepend - An optional byte array to prepend to the secret agreement before hashing it.

SecretAppend - An optional byte array to append to the secret agreement before hashing it.


HashAlgorithm - The hash algorithm that is used to process the secret agreement.

SecretPrepend- An optional byte array to prepend to the secret agreement before hashing it.

SecretAppend - An optional byte array to append to the secret agreement before hashing it.


Label - The label for key derivation.

Seed - The seed for key derivation.

The result of passing the secret agreement through the key derivation function is a byte array that may be used as key material for your application. The number of bytes of key material generated is dependent on the key derivation function; for example, SHA-256 will generate 256 bits of key material, whereas SHA-512 will generate 512 bits of key material.The basic flow of an ECDH key exchange is as follows:

  1. Alice and Bob create a key pair to use for the Diffie-Hellman key exchange operation

  2. Alice and Bob configure the KDF using parameters the agree on.

  3. Alice sends Bob her public key.

  4. Bob sends Alice his public key.

  5. Alice and Bob use each other's public keys to generate the secret agreement, and apply the KDF to the secret agreement to generate key material.

The following example shows how to use the ECDiffieHellmanCng class to establish a key exchange and how to use that key to encrypt a message that can be sent over a public channel and decrypted by the receiver.

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

class Alice
    public static byte[] alicePublicKey;

    public static void Main(string[] args)
        using (ECDiffieHellmanCng alice = new ECDiffieHellmanCng())

            alice.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
            alice.HashAlgorithm = CngAlgorithm.Sha256;
            alicePublicKey = alice.PublicKey.ToByteArray();
            Bob bob = new Bob();
            CngKey k = CngKey.Import(bob.bobPublicKey, CngKeyBlobFormat.EccPublicBlob);
            byte[] aliceKey = alice.DeriveKeyMaterial(CngKey.Import(bob.bobPublicKey, CngKeyBlobFormat.EccPublicBlob));
            byte[] encryptedMessage = null;
            byte[] iv = null;
            Send(aliceKey, "Secret message", out encryptedMessage, out iv);
            bob.Receive(encryptedMessage, iv);


    private static void Send(byte[] key, string secretMessage, out byte[] encryptedMessage, out byte[] iv)
        using (Aes aes = new AesCryptoServiceProvider())
            aes.Key = key;
            iv = aes.IV;

            // Encrypt the message 
            using (MemoryStream ciphertext = new MemoryStream())
            using (CryptoStream cs = new CryptoStream(ciphertext, aes.CreateEncryptor(), CryptoStreamMode.Write))
                byte[] plaintextMessage = Encoding.UTF8.GetBytes(secretMessage);
                cs.Write(plaintextMessage, 0, plaintextMessage.Length);
                encryptedMessage = ciphertext.ToArray();

public class Bob 
    public byte[] bobPublicKey;
    private byte[] bobKey;
    public Bob()
        using (ECDiffieHellmanCng bob = new ECDiffieHellmanCng())

            bob.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
            bob.HashAlgorithm = CngAlgorithm.Sha256;
            bobPublicKey = bob.PublicKey.ToByteArray();
            bobKey = bob.DeriveKeyMaterial(CngKey.Import(Alice.alicePublicKey, CngKeyBlobFormat.EccPublicBlob));


    public void Receive(byte[] encryptedMessage, byte[] iv)

        using (Aes aes = new AesCryptoServiceProvider())
            aes.Key = bobKey;
            aes.IV = iv;
            // Decrypt the message 
            using (MemoryStream plaintext = new MemoryStream())
                using (CryptoStream cs = new CryptoStream(plaintext, aes.CreateDecryptor(), CryptoStreamMode.Write))
                    cs.Write(encryptedMessage, 0, encryptedMessage.Length);
                    string message = Encoding.UTF8.GetString(plaintext.ToArray());


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows Server 2008 R2, Windows Server 2008

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5




March 2011

Added example and expanded remarks.

Information enhancement.